I am trying to use AWS KMS to encrypt in ASP.NET Core; it works fine on the local system. But when we deploy on Elastic Beanstalk, it gives an exception.

using System;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public async Task<string> EncryptText(string textToEncrypt, string keyID)
{
    if (string.IsNullOrWhiteSpace(textToEncrypt))
    {
        return "";
    }
    else
    {
        var result = "";
        // No explicit credentials: the SDK resolves them from the default chain
        // (environment variables, the local credentials file, or the EC2 instance profile).
        var client = new AmazonKeyManagementServiceClient();
        var encryptRequest = new EncryptRequest();
        encryptRequest.KeyId = keyID;
        var textBytes = Encoding.UTF8.GetBytes(textToEncrypt);
        encryptRequest.Plaintext = new MemoryStream(textBytes, 0, textBytes.Length);
        // Throws an AmazonKeyManagementServiceException (error code AccessDeniedException)
        // when the resolved identity is not allowed kms:Encrypt on this key.
        var response = await client.EncryptAsync(encryptRequest);

        if (response != null)
        {
            result = Convert.ToBase64String(response.CiphertextBlob.ToArray());
        }
        return result;
    }
}

The following code works perfectly on the local system but gets an exception on Elastic Beanstalk. I cannot find out why this error comes.

What is the error you are getting? It is most likely an IAM issue. The IAM user permissions on your local box are not the same as the instance profile on the EC2 instance.

  1. Navigate to Elastic Beanstalk > Environments > Your environment > Configuration

  2. Under Security find the IAM instance profile that is being used.

  3. Go to IAM and find the role. It should have a policy statement that allows encrypt actions using that key. Something like:

        {
            "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
            ],
            "Resource": "arn:aws:kms:{my region}:{my account id}:key/{my key id}",
            "Effect": "Allow"
        }

  4. Also go to KMS to check the Key Policy. It might look something like:

        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "{my iam instance profile arn}"
            },
            "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
            ],
            "Resource": "*"
        }

We need more details about the error to properly assess the problem. But maybe this is the issue.
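A small offline check of the two policy documents from steps 3 and 4, added here as an example (it is not part of the original answer and not AWS SDK code): the ARNs are constructed placeholders for the answer's `{my region}`/`{my account id}`/`{my key id}` values, and the evaluator is a deliberately simplified model of IAM that ignores Conditions, SCPs, permission boundaries, KMS grants and account-root delegation in the key policy.

```python
import fnmatch

# Constructed sample values standing in for the answer's placeholders.
KEY_ARN = "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"
INSTANCE_ROLE_ARN = "arn:aws:iam::123456789012:role/aws-elasticbeanstalk-ec2-role"
KMS_ACTIONS = ["kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*"]

# Identity policy attached to the instance profile role (step 3 of the answer).
ROLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": KMS_ACTIONS, "Resource": KEY_ARN}]}
# A role that was never given KMS permissions: the usual "works locally, fails on EB" cause.
EMPTY_ROLE_POLICY = {"Statement": []}
# Key policy on the key that names the instance role as principal (step 4 of the answer).
KEY_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": INSTANCE_ROLE_ARN},
     "Action": KMS_ACTIONS, "Resource": "*"}]}


def _matches(patterns, value):
    """IAM-style wildcard match ('*' and '?'); action names are case-insensitive."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)


def _applies(stmt, principal, action, resource):
    """Does this statement cover the principal, action and resource being checked?"""
    if "Principal" in stmt:  # resource-based (key) policies name a principal
        allowed = stmt["Principal"]
        if isinstance(allowed, dict):
            allowed = allowed.get("AWS", [])
        if not _matches(allowed, principal):
            return False
    return _matches(stmt.get("Action", []), action) and _matches(stmt.get("Resource", []), resource)


def evaluate(policy, principal, action, resource):
    """Simplified IAM decision: explicit Deny beats Allow; nothing matching is an implicit deny."""
    effects = {s["Effect"] for s in policy["Statement"] if _applies(s, principal, action, resource)}
    if "Deny" in effects:
        return "deny"
    return "allow" if "Allow" in effects else "implicit-deny"


def kms_call_allowed(identity_policy, key_policy, principal, action, key_arn):
    """Both sides must agree: the caller's identity policy and the key's own policy."""
    return (evaluate(identity_policy, principal, action, key_arn) == "allow"
            and evaluate(key_policy, principal, action, key_arn) == "allow")
```

Running `kms_call_allowed` with `EMPTY_ROLE_POLICY` reproduces the deployed failure mode: the key policy is fine, but the instance role itself never got `kms:Encrypt`.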
